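# Production image for the gakunin-cert Rails application (first part):
# OS packages, MySQL client libraries, Ruby/Rails via rbenv, the application
# source, Passenger and the Apache virtual-host configuration.

# Base image
# NOTE(review): centos:centos7 is a floating tag and CentOS 7 is past end of
# life, so the later `yum -y update` no longer brings in security fixes.
# Pin the base by digest and plan a move to a supported base image.
FROM centos:centos7

#########################################
# Production Dockerfile
#########################################

# Maintainer information
LABEL maintainer="Admin "

# Ruby and Rails versions to install
ENV ruby_ver="2.5.7"
ENV rails_ver="4.2.10"

# Install the required packages. One sorted list replaces the original run of
# separate `yum install` calls (which also listed sqlite-devel twice).
# The original carried a commented-out `yum -y install epel-release`; it stays disabled.
RUN yum -y update && \
    yum -y install \
        autoconf \
        bzip2 \
        curl \
        gcc-c++ \
        git \
        glibc-headers \
        libyaml-devel \
        make \
        openssl \
        openssl-devel \
        readline \
        readline-devel \
        sqlite-devel \
        wget \
        zlib \
        zlib-devel && \
    yum clean all

# Remove the distribution's MariaDB packages before installing MySQL.
# The glob is quoted so the shell hands it to yum unexpanded.
RUN yum -y remove 'mariadb*' && \
    rm -rf /var/lib/mysql

# Install the MySQL 5.7 community repository and client libraries.
# The original read `yum -y install localinstall <url>`, which makes yum look
# for a package literally named "localinstall"; the stray word is dropped.
# The release RPM is fetched over HTTPS instead of plain HTTP because it
# defines the repository and signing key that every later MySQL package trusts.
RUN yum -y install https://dev.mysql.com/get/mysql57-community-release-el7-7.noarch.rpm && \
    yum -y install mysql-community-client mysql-community-devel && \
    yum clean all
RUN cp -p /usr/lib64/mysql/libmysqlclient.so /usr/lib64/

# Download rbenv and ruby-build.
# NOTE(review): both clones track the default branch head, so the build is not
# reproducible and trusts whatever is upstream at build time; check out a
# reviewed tag or commit.
RUN git clone https://github.com/sstephenson/rbenv.git /usr/local/rbenv && \
    git clone https://github.com/sstephenson/ruby-build.git /usr/local/rbenv/plugins/ruby-build

# Make rbenv available in login shells
RUN echo 'export RBENV_ROOT="/usr/local/rbenv"' >> /etc/profile.d/rbenv.sh && \
    echo 'export PATH="${RBENV_ROOT}/bin:${PATH}"' >> /etc/profile.d/rbenv.sh && \
    echo 'eval "$(rbenv init --no-rehash -)"' >> /etc/profile.d/rbenv.sh

# Install Ruby and Rails. Steps are chained with && (the original used ';')
# so a failure in any step stops the build at that step.
RUN source /etc/profile.d/rbenv.sh && \
    rbenv install ${ruby_ver} && \
    rbenv global ${ruby_ver}
RUN source /etc/profile.d/rbenv.sh && \
    gem install --version ${rails_ver} rails

# Unpack the source of the client certificate issuing system
# (ADD auto-extracts the local tarball into /home/rails).
RUN mkdir /home/rails
ADD gakunin-cert-docker.20200319.tar.gz /home/rails
WORKDIR /home/rails/gakunin-cert
COPY database.yml /home/rails/gakunin-cert/config
COPY omniauth.rb /home/rails/gakunin-cert/config/initializers
# Install gems, rebuild the schema and precompile assets for production.
# Development alternative kept from the original:
#   /bin/bash -l -c 'bundle exec rake db:migrate RAILS_ENV=development'
RUN /bin/bash -l -c 'bundle install --path vendor/bundle' && \
    /bin/bash -l -c 'bundle exec rake db:migrate:reset' && \
    /bin/bash -l -c 'bundle exec rake db:migrate RAILS_ENV=production' && \
    /bin/bash -l -c 'bundle exec rake assets:precompile RAILS_ENV=production'

# Install Passenger and build its Apache module
# NOTE(review): the passenger gem version is not pinned.
RUN source /etc/profile.d/rbenv.sh && \
    gem install passenger --no-ri --no-rdoc && \
    yum install -y curl-devel httpd-devel apr-devel apr-util-devel && \
    /bin/bash -l -c 'passenger-install-apache2-module --auto --languages ruby'
WORKDIR /etc/httpd/conf.d
COPY passenger.conf .

# Apache configuration
WORKDIR /home/rails/gakunin-cert
COPY gakunin-cert-top.pro.conf .
#COPY gakunin-cert-top.dev.conf .
COPY gakunin-cert-top.add.txt .
# Build the final virtual-host file from the production template plus the
# additions file, then append the SECRET_KEY_BASE directive.
# The original appended that directive to gakunin-cert-top.conf first and then
# replaced the file with `mv`, so the directive never reached Apache. It is now
# written after the rename; the bare `echo` guarantees it starts on its own line.
# NOTE(review): the key is generated at build time and stored in an image
# layer, so every container shares it and anyone who can read the image can
# recover it. Prefer supplying SECRET_KEY_BASE at container start.
# NOTE(review): confirm the end of the file is the intended place for this directive.
# Development alternative kept from the original:
#   cat gakunin-cert-top.add.txt >> gakunin-cert-top.dev.conf
#   mv gakunin-cert-top.dev.conf gakunin-cert-top.conf
RUN cat gakunin-cert-top.add.txt >> gakunin-cert-top.pro.conf && \
    mv gakunin-cert-top.pro.conf gakunin-cert-top.conf && \
    echo >> gakunin-cert-top.conf && \
    echo setEnv SECRET_KEY_BASE `/bin/bash -l -c 'bundle exec rake secret'` >> gakunin-cert-top.conf && \
    cp gakunin-cert-top.conf /etc/httpd/conf.d

# Settings for the UPKI electronic certificate automatic issuance support system
# NOTE(review): if mycerts/certificates holds private key material, it ends up
# readable in the image layers; mount it at runtime instead.
COPY mycerts/certificates /home/rails/gakunin-cert/config/certificates

# Settings for the client certificate issuing system
WORKDIR /home/rails/gakunin-cert/config
COPY shibcert.yml .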
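# Second part of the image: Apache TLS material, file ownership, the
# Shibboleth SP install and log redirection to stdout.

# Apache SSL configuration files and data ###########################
# NOTE(review): mycerts/private/ is copied into an image layer, so the TLS
# private keys are readable by anyone who can pull or export the image.
# Mount them at runtime (volume or orchestrator secret) instead.
COPY mycerts/certs/ /etc/pki/tls/certs
COPY mycerts/private/ /etc/pki/tls/private
COPY ssl.conf /etc/httpd/conf.d/

# Ownership of DB-related files
# NOTE(review): `config` is handed to nobody as well, which makes the files
# copied into it earlier (database.yml, shibcert.yml, certificates) writable
# by the application user. Confirm the app needs write access there;
# otherwise limit this to db, log and tmp.
WORKDIR /home/rails/gakunin-cert/
RUN chown -R nobody:nobody db log tmp config

######### Shibboleth install ##############################
#Workaround since OpenSUSE's provo-mirror is not working properly
#COPY security:shibboleth.repo /etc/yum.repos.d/security:shibboleth.repo
#RUN yum -y update \
#    && yum -y install wget \
# Earlier variant that also installed httpd, kept from the original:
#    && yum -y install httpd shibboleth-3.0.4-3.2 mod_ssl \
# The .repo file decides which server and signing key yum trusts for the
# Shibboleth packages, so it is fetched over HTTPS instead of plain HTTP.
RUN wget https://download.opensuse.org/repositories/security://shibboleth/CentOS_7/security:shibboleth.repo -P /etc/yum.repos.d \
    && yum -y install shibboleth-3.0.4-3.2 mod_ssl \
    && yum -y clean all

COPY httpd-shibd-foreground /usr/local/bin/
COPY shibboleth/ /etc/shibboleth/
COPY shib.conf /etc/httpd/conf.d/
# Restrict the SP key to the shibd user and group (owner:group uses ':';
# the '.' separator is the obsolete form).
# NOTE(review): server.key arrives through the COPY above, so it is also
# stored in an image layer; supply it at runtime.
RUN chown shibd:shibd /etc/shibboleth/cert/server.key && \
    chmod 440 /etc/shibboleth/cert/server.key

# Prepare lock directories, make the start scripts executable and send the
# Apache and SSL logs to stdout so the container runtime collects them.
# `mkdir -p` succeeds when the directory already exists, so the `test -d ||`
# guards are unnecessary, and shibd-redhat is made executable once.
RUN mkdir -p /var/run/lock /var/lock/subsys/ \
    && echo $'export LD_LIBRARY_PATH=/opt/shibboleth/lib64:$LD_LIBRARY_PATH\n' > /etc/sysconfig/shibd \
    && chmod +x /etc/sysconfig/shibd /etc/shibboleth/shibd-redhat /usr/local/bin/httpd-shibd-foreground \
    && sed -i 's/ErrorLog "logs\/error_log"/ErrorLog \/dev\/stdout/g' /etc/httpd/conf/httpd.conf \
    && echo -e "\nErrorLogFormat \"httpd-error [%{u}t] [%-m:%l] [pid %P:tid %T] %7F: %E: [client\ %a] %M% ,\ referer\ %{Referer}i\"" >> /etc/httpd/conf/httpd.conf \
    && sed -i 's/CustomLog "logs\/access_log" combined/CustomLog \/dev\/stdout \"httpd-combined %h %l %u %t \\\"%r\\\" %>s %b \\\"%{Referer}i\\\" \\\"%{User-Agent}i\\\"\"/g' /etc/httpd/conf/httpd.conf \
    && sed -i 's/ErrorLog logs\/ssl_error_log/ErrorLog \/dev\/stdout/g' /etc/httpd/conf.d/ssl.conf \
    && sed -i 's/<\/VirtualHost>/ErrorLogFormat \"httpd-ssl-error [%{u}t] [%-m:%l] [pid %P:tid %T] %7F: %E: [client\\ %a] %M% ,\\ referer\\ %{Referer}i\"\n<\/VirtualHost>/g' /etc/httpd/conf.d/ssl.conf \
    && sed -i 's/CustomLog logs\/ssl_request_log/CustomLog \/dev\/stdout/g' /etc/httpd/conf.d/ssl.conf \
    && sed -i 's/TransferLog logs\/ssl_access_log/TransferLog \/dev\/stdout/g' /etc/httpd/conf.d/ssl.conf

# HTTP and HTTPS; the image sets no USER, so the start script runs as root.
EXPOSE 80 443

CMD ["httpd-shibd-foreground"]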